After reading the article "Don't Include Social Engineering in Penetration Tests," discuss whether social
engineering should be included as part of a penetration test. Knowing that the human is the weakest link in the
cybersecurity chain, is it ethical as part of the pen test to engage in behavior that the author describes as a
"grey area: compromising staff members' personal devices or personal email accounts (as opposed to work
accounts); breaking into office buildings to steal equipment or plant network monitoring devices; compromising
social media accounts to perform recon; etc."? (Kaplan-Moss, 2017)
Review several of your fellow learners' posts and respond to at least two of your peers by the end of Day 7 of the
week. In your response to your classmates' posts:
Do you agree with your fellow learners' assessments of social engineering as part of penetration testing?
Try to expand on your rationale by asking your classmates questions and providing additional resources and
evidence to support your claims and to extend their thoughts on their point of view.
References
Kaplan-Moss, J. (2017, June 27). Don't include social engineering in penetration tests [Blog post]. Retrieved
from https://jacobian.org/2017/jun/27/social-engineering-pentests/